Welcome to the third part of what in reality is just a compilation of my notes…
My Raspberry is running “headless”. Most of the time. This means that no keyboard, mouse or display is attached to it. The only means of access is via a secure shell, SSH for short. I will not go into detail on how to activate SSH on the Raspberry; this is extensively described in every “First steps” guide I know. So from now on I will suppose that you have successfully logged into your Raspberry via SSH from a remote machine.
So why write about it at all?
Good question. I am, no, please do not laugh, running out of IP addresses at home. There are desktops, laptops, tablets, phones, internet radios, NAS devices, printers etc. I did not anticipate this, so I went with the default /24 network. Reconfiguring all devices is just too much effort right now. And no, abandoned devices will not lose their once-assigned IP. One never knows whether it will be needed at some time…
So the problem is that I want to have my Raspberry use one defined IP address, no matter what SD card is plugged in. There’s the catch. Every time you connect via SSH to an IP, a key is checked. When you connect for the first time, SSH politely asks you whether the new key should be added. Usually one answers with “Yes”. Plug in another SD card and you get a different key for the same IP. SSH does not like it and complains bitterly. In other words: it is most likely that you can’t connect. SSH calls this “Strict Host Key Checking”.
This is absolutely correct. SSH means “Secure Shell”, so having a different key on the same IP address usually means nothing good. I would never change that behaviour. But we have other means of making life easier. Not really elegant means, but they work. And applied to my use case, it works out pretty well.
What does SSH do?
Every time you connect via SSH to a client, a key is generated and SSH asks you whether this client should be added to a file holding the keys for all known hosts you have connected to via SSH. Answering “yes” results in an entry containing the IP address and a generated key being added to the “Known Hosts” file. Luckily there is also a configuration file that we can use for SSH, and that is exactly what we are going to do. And, as always, I am describing this from the Mac user’s point of view.
On your Mac open a Terminal (remember, I recommended iTerm) and do a

ls -al

You should get an output with a lot of entries and you will see some files/directories whose names start with a dot (.). These are hidden files. And there should be a “.ssh” directory, so type in “cd .ssh” and let’s have a look at what’s in there by again typing the above “ls -al”. You should see something like this:

drwx------   4 user group  136 12 Jun 13:09 .
drwxr-xr-x+ 66 user group 2244 19 Jun 07:26 ..
-rw-r--r--   1 user group   78 12 Jun 13:09 config
-rw-r--r--   1 user group 2731 14 Jun 18:08 known_hosts
There are two files. The above mentioned “known_hosts” file and a configuration file named “config”. Open the file “config” by typing

nano config

which of course assumes that nano (an editor) is installed.
We are going to change the configuration file so that every time you ssh to a machine located within your local network, ssh does not write an entry in the known_hosts file, but instead writes this entry to “/dev/null” (the trash can). So if you connect to this same IP again (but with another SD card in your Raspberry and hence a different SSH key), the system thinks that it is the first time you connect to this IP and writes the SSH key to what it thinks is the known_hosts file.
Host 192.168.1.*
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
One word of warning:
With this configuration we basically circumvent SSH’s basic security feature (checking if keys have changed). So please do not do this on a machine that is using the same IP-range for real work. Or change the line beginning with “Host” to the one and only IP address of the Raspberry.
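A check for the warning above, as an added example that is not part of the original notes: it reads an SSH client configuration and lists every Host block that switches off key checking or sends known hosts to /dev/null, marking whether the block covers a wildcard range or a single host. The sample configuration is constructed; the address 192.168.1.50 and the host name “nas” are assumptions, and only plain Host blocks (no Match or Include) are handled.

```python
import re

# Constructed sample: the page's wildcard block, the same settings narrowed to one
# made-up Raspberry address (192.168.1.50), and a hypothetical host that keeps checking.
SAMPLE_CONFIG = """\
Host 192.168.1.*
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
Host 192.168.1.50
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
Host nas
    StrictHostKeyChecking yes
"""

def parse_blocks(text):
    """Split ssh_config text into (patterns, options) pairs; Match/Include not handled."""
    blocks = [(["*"], {})]  # options before the first Host apply to every host
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or by a single "=".
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.+)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)  # first value wins within a block
    return blocks

def unchecked_blocks(text):
    """List blocks that accept changed host keys or never remember them."""
    findings = []
    for patterns, opts in parse_blocks(text):
        no_check = opts.get("stricthostkeychecking", "").lower() in ("no", "off")
        no_store = opts.get("userknownhostsfile", "") == "/dev/null"
        if no_check or no_store:
            wide = any(ch in p for p in patterns for ch in "*?")
            findings.append({"host": " ".join(patterns), "no_check": no_check,
                             "no_store": no_store,
                             "scope": "wildcard" if wide else "single host"})
    return findings

if __name__ == "__main__":
    for f in unchecked_blocks(SAMPLE_CONFIG):
        print(f["host"], f["scope"], f"no_check={f['no_check']}", f"no_store={f['no_store']}")
```

To run it against a real file, pass the contents of the “config” file in the “.ssh” directory to unchecked_blocks() instead of SAMPLE_CONFIG.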